Ubuntu server settings(持续更新中)

记录自己的vps基础配置

SSH settings

• Add user

adduser shen
usermod -aG sudo shen # add shen to root group 

• Add new SSH key to non-root account

su shen
cd ~
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

• 本地generate SSH key

• Add ssh public key to ~/.ssh/authorized_keys

• Change SSHD settings: vim /etc/ssh/sshd_config

PasswordAuthentication no
PermitRootLogin no
Port 22221

• Restart SSH service

sudo service ssh start

bbr

• Enable bbr

sudo echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
sudo echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sudo sysctl -p

• Check bbr status

sudo sysctl net.ipv4.tcp_available_congestion_control
# net.ipv4.tcp_available_congestion_control = bbr cubic reno
sudo lsmod | grep bbr

Firewall

• Install ufw

sudo apt-get install ufw

• Rules for ufw

sudo ufw allow 22221/tcp # SSH
sudo ufw allow 25387 # SS
sudo ufw allow 28888 # ResilioSync
sudo ufw default deny incoming
sudo ufw default allow outgoing

• Enable ufw

sudo ufw enable

Shadowsocks

• Install

sudo apt update
sudo apt install shadowsocks-libev

• Shadowsocks settings /etc/shadowsocks-libev/config.json

{
    "server":"0.0.0.0",
    "server_port":25387,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"xxxxxxxxxxxxxxx",
    "timeout":600,
    "method":"aes-256-gcm"
}

ResilioSync

• Install

sudo echo "deb http://linux-packages.resilio.com/resilio-sync/deb resilio-sync non-free" | sudo tee /etc/apt/sources.list.d/resilio-sync.list
sudo apt-get install curl -y
sudo apt-get install gnupg -y
curl -LO http://linux-packages.resilio.com/resilio-sync/key.asc && sudo apt-key add ./key.asc
sudo apt-get update
sudo apt-get install resilio-sync

• Settings /etc/resilio-sync/config.json

{
    "storage_path" : "/var/lib/resilio-sync/",
    "pid_file" : "/var/run/resilio-sync/sync.pid",

    "webui" :
    {
        "listen" : "0.0.0.0:28888"
    }
}

• Log on the ip:28888/gui
• Add new key and select storage at /home/rslsync/xxx
• Change /etc/resilio-sync/config.json webui listen settings 0.0.0.0 -> 127.0.0.1

开机自启动任务

• 教程Other systemd deamon service

• lib/systemd/system/intellij-activication.service

[Unit]
Description=Intellij activication service
After=network.target


[Service]
User=nobody
Group=nogroup
Type=simple
ExecStart=/usr/local/bin/IntelliJIDEALicenseServer_linux_amd64 -p 18413 -u shenxx  2>&1> /dev/null

[Install]
WantedBy=multi-user.target

• lib/systemd/system/vlmscd.service

[Unit]
Description=KMS Server By vlmcsd
After=network.target

[Service]
Type=forking
PIDFile=/var/run/vlmcsd.pid
ExecStart=/usr/local/bin/vlmcsd-x64-glibc -p /var/run/vlmcsd.pid
ExecStop=/bin/kill -HUP $MAINPID
PrivateTmp=true
 
[Install]
WantedBy=multi-user.target